Message-ID: <20161005190716.GA28329@krava>
Date:   Wed, 5 Oct 2016 21:07:16 +0200
From:   Jiri Olsa <jolsa@...hat.com>
To:     "Theodore Ts'o" <tytso@....edu>, "H. Peter Anvin" <hpa@...or.com>,
        Greg Price <price@....edu>, lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: Fix early crash in credit_entropy_bits

ping

thanks,
jirka

On Wed, Sep 21, 2016 at 05:07:11PM +0200, Jiri Olsa wrote:
> From: Jiri Olsa <jolsa@...hat.com>
> 
> When printing out some early acpi messages I hit a bug in the
> work queue code. The system_wq is not initialized at the
> time acpi_early_init is called and causes an irq storm that
> makes credit_entropy_bits call schedule_work and crash:
> 
>   BUG: unable to handle kernel NULL pointer dereference at 0000000000000102
>   IP: [<ffffffff810bc282>] __queue_work+0x32/0x450
>   PGD 0
>   Oops: 0000 [#1] SMP
>   ...
>   Call Trace:
>    <IRQ> [  286.521689]  [<ffffffff817b5dc6>] ? _raw_write_unlock_irqrestore+0x16/0x20
>    [<ffffffff814f0f82>] ? add_interrupt_randomness+0x1c2/0x200
>    [<ffffffff810bcc47>] queue_work_on+0x27/0x40
>    [<ffffffff814f03a9>] credit_entropy_bits+0x219/0x280
>    [<ffffffff814ee4f6>] ? __mix_pool_bytes+0x36/0x90
>    [<ffffffff814f0f82>] add_interrupt_randomness+0x1c2/0x200
>    [<ffffffff810fe570>] handle_irq_event_percpu+0x40/0x80
>    [<ffffffff810fe5dc>] handle_irq_event+0x2c/0x50
>    [<ffffffff81101b93>] handle_level_irq+0x83/0x100
>    [<ffffffff8102fdb3>] handle_irq+0x73/0x120
>    [<ffffffff810a8fa1>] ? _local_bh_enable+0x21/0x50
>    [<ffffffff817b8d2b>] do_IRQ+0x4b/0xd0
>    [<ffffffff817b6bcc>] common_interrupt+0x8c/0x8c
>    <EOI> [  286.521717]  [<ffffffff81062216>] ? native_restore_fl+0x6/0x10
>    [<ffffffff810fbb4f>] console_unlock+0x3ef/0x5d0
>    [<ffffffff8100dade>] ? update_sample+0x6e/0xe0
>    [<ffffffff810fc55a>] vprintk_emit+0x2aa/0x520
>    [<ffffffff810fc96f>] vprintk_default+0x1f/0x30
>    [<ffffffff811a87b9>] printk+0x57/0x73
>    [<ffffffff81447dda>] acpi_os_vprintf+0x3f/0x41
>    [<ffffffff81447e2e>] acpi_os_printf+0x52/0x6e
>    ...
>    [<ffffffff81dbfc56>] acpi_load_tables+0x6c/0xf4
>    [<ffffffff81dbe4a6>] acpi_early_init+0x7a/0xf0
>    [<ffffffff81d73f39>] start_kernel+0x3be/0x472
> 
> Prevent this by checking that the system_wq has already been initialized.
> 
> Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> ---
>  drivers/char/random.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/random.c b/drivers/char/random.c
> index 3efb3bf0ab83..f4dec86c2e25 100644
> --- a/drivers/char/random.c
> +++ b/drivers/char/random.c
> @@ -725,7 +725,8 @@ retry:
>  		/* If the input pool is getting full, send some
>  		 * entropy to the blocking pool until it is 75% full.
>  		 */
> -		if (entropy_bits > random_write_wakeup_bits &&
> +		if (keventd_up() &&
> +		    entropy_bits > random_write_wakeup_bits &&
>  		    r->initialized &&
>  		    r->entropy_total >= 2*random_read_wakeup_bits) {
>  			struct entropy_store *other = &blocking_pool;
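
Review bot: the added `keventd_up()` test at the top of the condition is not explained in the code; the comment directly above it still describes only the pool-full transfer to the blocking pool. A later reader of random.c will not know that the guard exists because credit_entropy_bits can be reached from add_interrupt_randomness before system_wq is initialized, as the trace in the commit message shows. Suggest extending that comment with one sentence saying the transfer is skipped until workqueues are up, and stating in the commit message whether entropy credited during that window is pushed by a later call once the remaining conditions hold.
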
> -- 
> 2.7.4
> 
